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REMARKS 

Claims 1-21 are pending in the present application. Claims 1,14 and 18 are the 
independent claims. Herein, the specification has been amended herein to provide serial number 
information for related U.S. Appln. No. 09/849,093. Claim 1 has also been amended to correct 
for antecedent basis due to a typographical error upon filing. As noted in the Official Action, 
support for the amendment to claim 1 lies within the recitation of claim 1 itself. No new matter 
has been added. 

In the Official Action, dated December 21, 2004, the specification was objected to for 
allegedly failing to define the acronym "ACE." Claim 1 was rejected under 35 U.S.C. § 1 12 due 
to Applicants' typographical omission of the term "structure" in the term "static maximum 
allowed access data structure" as used throughout the rest of the claim and specification. 
Additionally, claims 1-17 were rejected under 35 U.S.C. § 103(a) as allegedly obvious over 
"SiteMinder Delivers Industry-Leading Performance, Scalability and Reliability" (December 
1999) (hereinafter "Netegrity White Paper") in view of U.S. Publication No. 2001/0021926A1 
(hereinafter "Schneck"). Claims 18-21 were rejected under 35 U.S.C. § 103(a) over the Netegrity 
White Paper in view of U.S. Patent No. 5,469,556 (Clifton). 

Formal Matters 

With respect to the objection to the specification, Applicants respectfully submit that the 
acronym ACE is initially defined on page 3, line 1 as an "Access Control Entry (ACE)." The 
acronym ACE is used consistently throughout the specification thereafter as acronym shorthand 
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for Access Control Entry. Withdrawal of the objection to the use of the term ACE in the 
specification is respectfully requested. 

Claim 1 was objected to for lacking antecedent basis for the term "static maximum 
allowed access data." Applicants agree with the Examiner's intuition that the term should have 
been "static maximum allowed access data structure" as used in the rest of the claim, and have 
happily conformed claim 1 to this original understanding herein. Accordingly, Applicants 
request reconsideration and withdrawal of the rejection based on indefiniteness. 

As to the substantive assertions based on root reference Netegrity White Paper, the 
outstanding rejections to the claims are respectfully traversed as follows. 

Summary of the Invention 
The main problem addressed by the cached static maximum allowed access mechanism 
of the present invention is overly costly redundant access evaluations. In addressing the problem, 
the cached static maximum allowed access (SMAA) mechanism of the present invention 
provides a high performance access check routine for applications that perform redundant access 
checks. 

The SMAA mechanism of the present invention also provides support for varying desired 
access permissions and dynamic access policy . Although the caller's client context and the 
DACL must remain the same for multiple high-performance access checks using this 
mechanism, each access check supports unique input values for (a) desired access i.e., the set of 
permissions required to perform a certain operation on an object protected by the DACL and (b) 
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dynamic factors i.e., dynamic data that may vary between access check calls and is required to 
evaluate the dynamic portions of access policy associated with the DACL . 

A typical calculation and caching of the static maximum allowed access includes the 
following. If no dynamic access policy is defined in the DACL, then access decisions are 
nearly instantaneous since the static maximum allowed access contains all permissions that 
may be granted to the caller. Even if some dynamic access policy is defined in the DACL, 
access decisions are generally faster than normal since the static and/or dynamic access 
policy may not need to be reevaluated . 

A request for permissions contained entirely within the set of static maximum allowed 
access does not require additional dynamic access evaluation. Sometimes, however, an 
evaluation of access policy for a given request may nonetheless involve an evaluation of 
dynamic access policy. Advantageously for most of these cases, only the dynamic elements of 
the access policy (and not the entire DACL) are reevaluated to complete the access decision 
evaluation process. 

The cached static maximum allowed access mechanism of the present invention thus 
provides a solution to the problem of costly redundant access checks by supporting the 
generation of static maximum allowed access data. 

Nete2ritv White Paver and the Rejection under 35 U.S.C. S 103(a) 
In contrast, the Netegrity White Paper discloses a SiteMinder system that reduces the 
overall application processing time through a number of internal caches. Siteminder caches 
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include a resource cache and a user session cache in a Web Agent (page 2) and a Policy Store 
cache, an Authorization cache, a User Directory cache and a Directory Connection cache in a 
Policy Server (page 3). 

However, Applicants respectfully submit that merely caching policy information pursuant 
to accessing a resource does not amount to determining a static maximum allowed data structure 
in accordance with the invention. In this regard, Applicants respectfully submit that the term 
"dynamically" in the Netegrity White paper (e.g., page 3, paragraphs 1-3 relating to the Policy 
Store Cache and the Authorization Cache) refers only to how the caches are filled over time as 
access requests are processed (as opposed to at initialization of the system). This does not in any 
way relate to the difference between static and dynamic access policy addressed by the 
invention, i.e., the Netegrity White Paper nowhere teaches or suggests a static maximum allowed 
access data structure, as recited in claims 1, 14, and 18. 

Applicants also caution that the Official Action (e.g., page 4) improperly focuses the 103 
obviousness analysis on the teachings of Applicants' specification when the claim language 
should be the focus of the analysis. For instance, even if it was true that the Netegrity White 
Paper also relates to reducing the burden of redundant access checks, this fact would be 
irrelevant to the claim analysis. 

Specifically, focusing on the claim language, Applicants submit that claim 1 requires that 
the static maximum allowed access data structure includes information representative of a set of 
policies that is reduced to static form that is common to a class of access requests. In contrast, the 
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Netegrity White Paper includes no such teaching or suggestion in accordance with Applicants' 
above understanding of its disclosure. 

Claim 14 requires that the static maximum allowed access mechanism provides 
extensible support for application-defined business rules via a set of APIs and DACLs. The 
Netegrity White Paper includes no such teaching or suggestion. 

Lastly, claim 18 requires a static maximum allowed access data structure including an 
identifier identifying the data structure as a static maximum allowed access data structure and 
data representing the static maximum allowed access for a given security descriptor and a 
corresponding client context in connection with an access request. Similarly, the Netegrity White 
Paper includes no teaching or suggestion of such specific information in a data structure. 

In short, the Netegrity White Paper relates only to caching information relating to 
previous requests, but not to a data structure that is created to represent the maximum allowed 
static access for a given security descriptor and client context. 

Schneck and Clifton were cited for reasons related to the dependent claims, but also fail 
to cure the above-identified deficiencies of the Netegrity White Paper with respect to Applicants' 
independent claims 1,14 and 18. 

Claims 2-13, 15-17 and 19-21 depend from claims 1, 14 and 18, either directly or 
indirectly, and are believed allowable for the same reasons. Withdrawal of the rejection to claims 
1-21 under 35 U.S.C. § 103(a) is respectfully requested. 
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Applicant believes that the present Amendment is responsive to each of the points raised 
by the Examiner in the Office Action, and submits that Claims 1-21 of the application are in 
condition for allowance. Favorable consideration and passage to issue of the application at the 
Examiner's earliest convenience is earnestly solicited. 
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